
Windows XP SP3 Trojans, Malware, you name it!

ulf the wolf

Posted 28 May 2008 - 04:51 PM


Hello there! I've just registered on this forum, as I've stumbled upon it through a Google search on just what the heck is the matter with my computer. I ran into a thread, http://www.geekstogo...us-t198352.html, that seemed to be experiencing the same issues as me. My Firefox stopped running and my internet altogether seemed to be crapping out. Tons of pop-ups, and I've just never run into this sort of thing. My computer is protected with Bitdefender Total Security 2008, but apparently this isn't good enough.

I followed all the steps in the second post of the thread I pasted above. I followed all the instructions given to the user 'mhilliard_13' in hopes that this would help me out.

Attached hereto, for your review, are the logs created by these programs:

Posted 29 May 2008 - 12:10 PM

Tal

Posted 30 May 2008 - 04:14 AM

Hi. Please don't bump your topics, as it makes it harder for us to see that there are no replies.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!

Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.

NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

At first glance there is nothing wrong with the machine; however, there are the remains of Vundo and several files that indicate the newest variant of Vundo 'visited' your computer. Let's delete some files and get an online scan.

Step 1: Deleting files with OTMoveIt

Please download OTMoveIt2 by OldTimer. Please note: If you already have OTMoveIt on your system, please replace it with this newer version.

Save it to your desktop.

Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\jjjjhfym.exe
C:\WINDOWS\system32\TsDKknnn.ini2

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 2: Correcting orphaned entries with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)